POST /oauth/token

When users are redirected back to your callback, you need to make a POST call to the /oauth/token endpoint to exchange an authorization code for an access token and/or an ID token.

Remarks

To make a call to the /oauth/token endpoint, you must:
  • Set the request content type as application/x-www-form-urlencoded
  • Use strings for all passed parameters
  • Include an additional parameter for application authentication in the request (e.g. client_secret; or client_assertion and client_assertion_type for JSON Web Token Client Authentication; or the client-certificate and client-certificate-ca-verified headers when using Mutual TLS).

Parameters

DPoP
string
A DPoP proof for the request. This is optional and only required if your application uses Demonstrating Proof-of-Possession.

Request Body

grant_type
string
required
Denotes the flow; use authorization_code with a valid authorization code.
code
string
The authorization code from the initial /authorize call.
client_id
string
required
The client_id of your application. Required.
request_uri
string
This is required only if set at the GET /oauth/par endpoint.
code_verifier
string
Cryptographically random key used to generate the code_challenge. Recommended if code_challenge was provided.

Response

Status    Description
200       Successful response containing the tokens.
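
The code exchange described above, as an added example (not Auth0's own code): it generates a PKCE code_verifier, derives the matching code_challenge, and builds the form-encoded POST without sending it. The S256 derivation (RFC 7636), the tenant URL, the helper names and the sample values are assumptions or constructed placeholders, and client_secret is used as the application authentication method.

```python
import base64
import hashlib
import secrets
import urllib.parse
import urllib.request

# Constructed placeholder; substitute your own tenant's token endpoint.
TOKEN_URL = "https://tenant.example.com/oauth/token"


def _b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Cryptographically random verifier: 32 bytes -> 43 characters."""
    return _b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """Assumed S256 method: the code_challenge sent on the earlier /authorize call."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_token_request(code, client_id, client_secret, code_verifier, url=TOKEN_URL):
    """Build, but do not send, the authorization-code exchange request."""
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,  # application authentication
        "code_verifier": code_verifier,
    }
    for name, value in params.items():
        # The page requires strings for all parameters; empty values are rejected here too.
        if not isinstance(value, str) or not value:
            raise ValueError(f"{name} must be a non-empty string")
    body = urllib.parse.urlencode(params).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    verifier = new_code_verifier()
    print("code_challenge for /authorize:", code_challenge_s256(verifier))
    # Constructed sample values, not real credentials.
    req = build_token_request("SAMPLE_CODE", "SAMPLE_CLIENT_ID", "SAMPLE_SECRET", verifier)
    print(req.get_method(), req.full_url, req.data.decode("ascii"))
```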